Being proactive in a volatile cyber insurance market | #malware | #ransomware | #hacking


In the past five years, the average ransom demand has shot up from $15,000 to $175,000 – an almost twelve-fold increase – according to the NetDiligence 2021 Ransomware Spotlight Report. Furthermore, ransom demands crossed the $1 million threshold in 2018, the $3 million threshold in 2019, and publicly available data indicates that they crossed the $30 million threshold in 2020 – although this was likely negotiated down.

The ransomware headache doesn’t stop there. In 2020, a new wave of ransomware attacks hit the market. Known as ‘double extortion,’ threat actors are maximizing their chance of making profit by threatening the victim with an additional abuse of the information they encrypted, such as selling or auctioning it.

Read next: Microsoft attack could result in a flood of cyber claims

In contention with such a fast-paced and ever-changing risk landscape, cyber insurers have reacted by seeking more rate and shoring up their underwriting guidelines in order to control their costs and protect their books. Some have even started sub-limiting ransomware and applying co-insurance provisions, forcing insureds to share more of the risk.

“The cyber market is undergoing significant volatility due to the unprecedented level of dangerous and damaging cyberattacks being successfully launched against American companies,” said Ari Giller (pictured top), vice president of cyber & tech underwriting, Tokio Marine HCC – Cyber & Professional Lines Group. “Based on our claims data, ransomware frequency increased by over 100% compared to 2018, and the average ransom demand increased by 700%. The cyber landscape is constantly evolving.”

The firming of the market is having a big impact on brokers and agents. Not only do they have to work harder to secure adequate coverage for their clients, but they also have to educate themselves and continue to develop their technical skillsets around cybersecurity controls and best-practice cyber risk mitigation. This is vital if they want to differentiate themselves in a hardening market, according to Christiaan Durdaller (pictured immediately below), president and CEO of INSUREtrust.     

Read more: Cyberattacks by nation states becoming more aggressive

“If you can’t carry the messaging to your clients around what multi-factor authentication (MFA) is and how to implement it, you are going to struggle to put the best cyber insurance program in front of them,” said Durdaller. “[Likewise], if a broker cannot explain how to put remote desktop protocol (RDP) behind a VPN with everyone working from home […] they will not be successful in this market.”

Companies of all sizes benefit from a layered and dynamic approach to cyber risk management, which incorporates tools, products and services, said Shannon Groeber (pictured below), executive vice president, CFC Underwriting. “From a proactive perspective, tools such as MFA, segmentation of networks and sensitive information, consistent backups of data and employee training and awareness are foundational and put companies in a better position to define and minimize threats.”

Proactive cyber security controls are absolutely essential in today’s evolving threat landscape. Many would argue that cyber insurance should not be seen simply as a financial risk transfer product; rather, it is a holistic risk management solution that protects not only the insureds but also the cyber insurance market itself. As rates rise, coverage constricts, and cyber threats boom, we will only succeed with an ‘all in this together’ approach.



Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published. Required fields are marked *

61 + = 66